The PHP development team announces two new versions, 7.2.26 and 7.3.13. Both versions has been released at December 18 and available immediately at their download page. For every releases, there are many improvements and bug fixes. All PHP users are encouraged to upgrade to this version.
But if you want to use precompiled one, you must wait for your distribution to provide it.
PHP 7.2.26 Changelog
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- EXIF:
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- Intl:
- Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
- OPcache:
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- Standard:
PHP 7.3.13 Changelog
- Bcmath:
- Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
- Core:
- Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
- Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
- Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
- Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
- Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
- Fixed bug #78296 (is_file fails to detect file).
- EXIF:
- GD:
- Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
- MBString:
- Upgraded bundled Oniguruma to 6.9.4.
- OPcache:
- Fixed potential ASLR related invalid opline handler issues.
- Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
- PCRE:
- Fixed bug #78853 (preg_match() may return integer > 1).
- Standard:
- Fixed bug #78759 (array_search in $GLOBALS).
- Fixed bug #77638 (var_export'ing certain class instances segfaults).
- Fixed bug #78840 (imploding $GLOBALS crashes).
- Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
- Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).